Configure AAA authentication schemes on S series switches


Configure an AAA authentication scheme on an S series switch (except the S1700 switch) as follows:
[HUAWEI] aaa
[HUAWEI-aaa] authentication-scheme scheme1 //Create an AAA authentication scheme.
[HUAWEI-aaa-authen-scheme1] authentication-mode local //Set the authentication mode to local authentication.

Other related questions:
How is an authentication scheme bound to an AAA domain on an AR
Before configuring an authentication scheme for a domain on an AR, create an authentication scheme and set parameters in the authentication scheme. The configuration is as follows: 1. Create an authentication scheme scheme1 in the AAA view. [Huawei] aaa [Huawei-aaa] authentication-scheme scheme1 [Huawei-aaa-authen-scheme1] quit 2. Create an AAA domain isp1 and bind the authentication scheme scheme1 to the AAA domain. [Huawei-aaa] domain isp1 [Huawei-aaa-domain-isp1] authentication-scheme scheme1 [Huawei-aaa-domain-isp1] quit

How to configure multiple AAA authentication modes on a CE series switch
CE series switches support multiple authentication modes. If multiple authentication modes are configured in an authentication scheme, the authentication modes take effect in the sequence in which they are configured. A switch uses another authentication mode only when no response is received in the previous authentication mode. However, if authentication fails, the switch does not use another authentication mode.

For example, you can configure RADIUS authentication and local authentication in authentication scheme scheme0.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] authentication-scheme scheme0
[*HUAWEI-aaa-authen-scheme0] authentication-mode radius local
[*HUAWEI-aaa-authen-scheme0] commit

Configure the connection timeout period for Telnet users on S series switches configured with AAA authentication
In general, you can run the idle-time out command in the VTY interface view of an S series switch (except the S1700 switch) to configure the connection timeout period for Telnet users. However, when AAA authentication is configured, the value of the idle-timeout parameter set in the VTY interface view is invalid. The value of the idle-timeout parameter set in the AAA view takes effect.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top